PI-2692 Initial project setup (#1)

* PI-2692 Initial project setup * Basic setup * Renamed project * Updated README * Set Slack channel for security notifications * Simplified integration tests * Switched to NPM WireMock dependency * Removed need for Docker for local dev and testing * Removed "start-feature" scripts and feature.env * Other minor changes to template code * Updated "Token verification is disabled" message to only log once on startup * Removed some usage of "secrets: inherit" in GitHub workflows * Enable Dependabot with auto-merge
ministryofjustice · Dec 31, 2024 · 128e0cf · 128e0cf
1 parent 4fea0c8
commit 128e0cf
Show file tree

Hide file tree

Showing 40 changed files with 377 additions and 1,024 deletions.
diff --git a/.env.example b/.env.example
@@ -1,10 +1,4 @@
+NODE_ENV=development
+ENVIRONMENT_NAME=dev
 REDIS_ENABLED=false
 TOKEN_VERIFICATION_ENABLED=false
-
-# Credentials for allowing user access
-AUTH_CODE_CLIENT_ID=hmpps-typescript-template
-AUTH_CODE_CLIENT_SECRET=clientsecret
-
-# Credentials for API calls
-CLIENT_CREDS_CLIENT_ID=hmpps-typescript-template-system
-CLIENT_CREDS_CLIENT_SECRET=clientsecret
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,6 @@
+* @ministryofjustice/probation-integration
+package.json
+package-lock.json
+.github/actions
+.github/workflows
+**/Dockerfile
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,25 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      minor:
+        update-types:
+          - "minor"
+          - "patch"
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      minor:
+        update-types:
+          - "minor"
+          - "patch"
+        patterns:
+          - "*"
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
@@ -0,0 +1,22 @@
+# Automated management of Dependabot PRs
+name: Dependabot
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
+
+      - uses: ministryofjustice/hmpps-probation-integration-services/.github/actions/dependabot-automerge@main
+        with:
+          token: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/deploy_to_env.yml b/.github/workflows/deploy_to_env.yml
@@ -24,15 +24,15 @@ permissions:
 jobs:
   helm_lint:
     name: helm lint
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2
     secrets: inherit
     with:
       environment: ${{ inputs.environment }}
   deploy_env:
     name: Deploy to environment
     needs:
       - helm_lint
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2
     secrets: inherit
     with:
       environment: ${{ inputs.environment }}

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -1,9 +1,7 @@
-name: Pipeline [test -> build -> deploy]
+name: Pipeline
 
 on:
   push:
-    branches:
-      - '**'
   workflow_dispatch:
     inputs:
       additional_docker_tag:
@@ -23,77 +21,105 @@ permissions:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
-# This will cancel all running build/test/release pipelines that are not on the main branch
-# If this pipeline is on the main branch, it will wait until existing runs complete
-  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  # main node build workflow
-  node_build:
-    name: node build
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_build.yml@v2 # WORKFLOW_VERSION
-    secrets: inherit
-  # generic node unit tests - feel free to override with local tests if required
-  node_unit_tests:
-    name: node unit tests
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_unit_tests.yml@v2 # WORKFLOW_VERSION
-    needs: [node_build]
-    secrets: inherit
-  # generic node integration tests using wiremock - feel free to override with local tests if required
-  node_integration_tests:
-    name: node integration tests
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_integration_tests.yml@v2 # WORKFLOW_VERSION
-    needs: [node_build]
-    secrets: inherit
+  build:
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_build.yml@v2
+
+  unit_tests:
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/node_unit_tests.yml@v2
+    needs: build
+
+  integration_tests:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+      - uses: actions/download-artifact@v4
+        with:
+          name: npm_build_artifacts
+      - uses: actions/cache/restore@v4
+        with:
+          path: |
+            ./node_modules
+            ~/.cache/Cypress
+          key: ${{ runner.os }}-build-node-modules-${{ hashFiles('**/package-lock.json') }}
+      - uses: actions/download-artifact@v4
+        with:
+          name: npm_build_artifacts
+          path: |
+            build/
+            dist/
+            assets/stylesheets/
+      - name: Start service
+        run: |
+          cp .env.example .env
+          npm run wiremock &
+          npm run start &
+          timeout 10 sh -c 'until curl -s localhost:3000; do sleep 1; done'
+      - name: Run tests
+        run: npm run int-test
+      - if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: npm_integration_test_artifacts
+          path: |
+            integration-tests/videos/
+            integration_tests/screenshots/
+
   helm_lint:
     strategy:
       matrix:
-        environments: ['dev', 'preprod', 'prod']
-    name: helm lint
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2 # WORKFLOW_VERSION
-    secrets: inherit
+        environment: [dev, preprod, prod]
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/test_helm_lint.yml@v2
+    secrets:
+      HMPPS_SRE_SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}
     with:
-      environment: ${{ matrix.environments }}
-  build:
-    name: Build docker image from hmpps-github-actions
-    if: github.ref == 'refs/heads/main'
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/docker_build.yml@v2 # WORKFLOW_VERSION
-    needs:
-      - node_integration_tests
-      - node_unit_tests
+      environment: ${{ matrix.environment }}
+
+  docker_build:
+    if: github.ref_name == 'main'
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/docker_build.yml@v2
     with:
       docker_registry: 'ghcr.io'
       registry_org: 'ministryofjustice'
       additional_docker_tag: ${{ inputs.additional_docker_tag }}
       push: ${{ inputs.push || true }}
       docker_multiplatform: true
+
   deploy_dev:
-    name: Deploy to the development environment
+    name: Deploy to dev
     needs:
-      - build
-      - helm_lint
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
+      - docker_build
+      - integration_tests
+      - unit_tests
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2
     secrets: inherit
     with:
-      environment: 'dev'
-      app_version: '${{ needs.build.outputs.app_version }}'
-  # deploy_preprod:
-  #   name: Deploy to pre-production environment
-  #   needs:
-  #     - build
-  #     - deploy_dev
-  #   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
-  #   secrets: inherit
-  #   with:
-  #     environment: 'preprod'
-  #     app_version: '${{ needs.build.outputs.app_version }}'
-  # deploy_prod:
-  #   name: Deploy to production environment
-  #   needs:
-  #     - build
-  #     - deploy_preprod
-  #   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2 # WORKFLOW_VERSION
-  #   secrets: inherit
-  #   with:
-  #     environment: 'prod'
-  #     app_version: '${{ needs.build.outputs.app_version }}'
+      environment: dev
+      app_version: ${{ needs.docker_build.outputs.app_version }}
+
+  deploy_preprod:
+   name: Deploy to preprod
+   needs:
+     - docker_build
+     - integration_tests
+     - unit_tests
+   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2
+   secrets: inherit
+   with:
+     environment: preprod
+     app_version: ${{ needs.docker_build.outputs.app_version }}
+
+  deploy_prod:
+   name: Deploy to prod
+   needs:
+     - docker_build
+     - deploy_dev
+     - deploy_preprod
+   uses: ministryofjustice/hmpps-github-actions/.github/workflows/deploy_env.yml@v2
+   secrets: inherit
+   with:
+     environment: prod
+     app_version: ${{ needs.docker_build.outputs.app_version }}
diff --git a/.github/workflows/security_npm_dependency.yml b/.github/workflows/security_npm_dependency.yml
@@ -2,11 +2,12 @@ name: Security npm dependency check
 on:
   workflow_dispatch:
   schedule:
-    - cron: "19 6 * * MON-FRI" # Every weekday
+    - cron: "30 5 * * MON-FRI" # Every weekday at 05:30 UTC
 jobs:
   security-npm-dependency-check:
     name: Project security npm dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_npm_dependency.yml@v2 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_npm_dependency.yml@v2
     with:
-      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
-    secrets: inherit
+      channel_id: probation-integration-notifications
+    secrets:
+      HMPPS_SRE_SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/security_trivy.yml b/.github/workflows/security_trivy.yml
@@ -2,11 +2,12 @@ name: Security trivy dependency check
 on:
   workflow_dispatch:
   schedule:
-    - cron: "19 6 * * MON-FRI" # Every weekday
+    - cron: "30 5 * * MON-FRI" # Every weekday at 05:30 UTC
 jobs:
   security-kotlin-trivy-check:
     name: Project security trivy dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2
     with:
-      channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
-    secrets: inherit
+      channel_id: probation-integration-notifications
+    secrets:
+      HMPPS_SRE_SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/security_veracode_pipeline_scan.yml b/.github/workflows/security_veracode_pipeline_scan.yml
diff --git a/.github/workflows/security_veracode_policy_scan.yml b/.github/workflows/security_veracode_policy_scan.yml